CWAP Certified Wireless Analysis Professional Official Study Guide.
Users will often use phrases to describe a problem that the analyst can easily misinterpret. Open-ended questions are those that cannot properly be answered with a yes or no response. Implement the action plan. This may be caused by a misconfiguration or a network problem.
A user connects to the WLAN. Many organizations have documentation systems where analysts are expected to document problem statements such as the ones discussed here. Using the Cisco process. This problem statement will become the foundation for the troubleshooting process. The first step is to define a clear problem statement. The user cannot browse the Internet or even access local network resources. If such a system does not exist.
A problem statement should plainly state the problem experienced by the user and any related symptoms that would be helpful in the troubleshooting process.
As changes are made. At step one of this process for the scenario in question. If the problem is not resolved. Create an action plan based on the remaining potential problems and the most likely cause. Repeat until resolved or escalated. Consider possible problems based on the facts discovered.
The problem statement. The scenario is simple: Analyze the results and determine whether the problem has been resolved. For our purposes. Figure Internet Browser Error Additionally.
Here are some example fact-gathering questions for our scenario: Consider the following four answers to the preceding questions. In this scenario. In general. An additional important question to ask in all such scenarios is a yes or no question: Are any other users experiencing the problem? We will assume. In a scenario like this. In addition to questioning the user. The list will come from past experience.
Supplicant misconfiguration 3. With a list of potential causes. Supplicant misconfiguration 4. After gathering the facts. Improper static IP settings 2. DHCP server unreachable 2. Network Notification Icon with Error 3 - Consider possible problems based on the facts discovered.
DNS server failure or misconfiguration 5. DHCP pool depletion 6. DHCP pool depletion 4 - Create an action plan based on the remaining potential problems and the most likely cause.
These further considerations result in the following prioritized list: Improper static IP settings 3. For the given scenario. This fact also rules out DNS server failure or misconfiguration. If a device has been configured differently than the standard.
With a refined and prioritized list. The action plan. After completing the steps in the action plan. Verify network connectivity. If the problem was resolved. The supplicant settings could be verified. The plan of action may look something like this (assuming that DHCP should be in use instead of static IP configuration): The user needs to understand the ramifications of making unauthorized changes.
In some cases. Now that the action plan is documented. If the Web sites are working. This step simply involves performing the actions in sequence to verify a theoretical cause. If configured for static IP settings. Save the changes. In such scenarios.
It may also reveal that additional changes were made. In production environments.
In this case. Check the IP settings on the client adapter to verify appropriate settings. The process is divided into five phases as follows: Discovery—Gather information about the problem. For this reason.
If you cannot reproduce the problem. The Microsoft Troubleshooting Process The Microsoft recommended troubleshooting process can be found at http: This does not mean one process is better than the other. The Microsoft methodology suggests creating the action plan before problem reproduction and isolation. Problem Isolation—Isolate the variables that relate directly to the problem. In some organizations.
Problem Reproduction—Reproduce the problem. With such assurance. If you have exhausted all possible software and configuration settings in relation to a given problem. I will provide a brief overview of the CompTIA methodologies. Planning—Create a plan of action. Industry Methodologies Industry methodologies are those recommended by independent organizations (non-vendor or vendor-neutral). Analysis—Analyze your findings to determine the cause of the problem.
In the end. The Microsoft methodology will not be explored in as much detail as the Cisco methodology was. Identify the problem. Establish a theory of probable cause. Network troubleshooting is more complex in many cases as you must consider local systems. Establish a plan of action to resolve the problem and implement the solution. Verify full system functionality. Establish a plan of action to resolve the problem and identify potential effects.
This is. Test the theory to determine cause. As you can see. Many troubleshooting methodologies overlook this action. It is important to have a standard configuration and to also ensure that the standard configuration evolves as needed. Implement the solution or escalate as necessary. Establish a theory of probable cause (question the obvious). WLAN troubleshooting is similar. You will be tested against the CWNP methodology covered in the following section and not against the above-mentioned methodologies specifically.
The preceding methodologies were covered to expose you to general troubleshooting concepts. Document findings.
Narrow to the most likely cause. This step is very important as it can reveal a local network outage that impacts all users as opposed to a single-user. The CWNP methodology includes the following steps: The problem must always be verified. The worst mistake a troubleshooter can make is to assume the specifics of a given problem. It is based on industry experience and feedback and will aid the WLAN professional in resolving network issues quickly and effectively.
The first step is to identify the problem. WLAN analysis and troubleshooting. Assumptions can come from faulty communications with the users experiencing the problem.
The same is true in troubleshooting. These questions. Document the results. The second step is to discover the scale of the problem.
Think of identifying the problem as defining the objective. Create a plan of action or escalate the problem. Ask questions like the following to identify the problem: As you can see from these questions.
Define the possible causes of the problem. Perform corrective actions. Without this foundation. When you define objectives for a WLAN design. Many hours can be wasted by troubleshooting an assumed problem. Discover the scale of the problem. Verify the solution.
If it is. One cause is more likely than the others for a given problem in a given environment. Remember that application problems can be larger in scale than a single individual.
In reality. The real problem must be identified. If you are receiving reports from multiple users in a coverage area. The fourth step is to narrow to the most likely cause. The point is simple: Stated differently.
You may use networking tools to identify possible causes. In these first three steps. The troubleshooter must narrow the pool of potential causes to the most likely for a given scenario. A specific environment. A single problem can occur because of many different potential causes. If you are addressing the first report of a problem.
The third step is to define the possible causes of the problem. This truth is why step one is so important. After having experience with a solution in your environment you will develop the experiential expertise that allows for faster troubleshooting.
Create a backup of the current configuration. Given a system that supports recoverability features. The documentation will allow you to determine the most common causes of problems over time. Uninstall the drivers completely from the device.
The reality is that you may cycle through steps four through seven many times before finding the solution. Over time. The fifth step is to create a plan of action or escalate the problem. The eighth and final step is to document the results. If the previous plan of action results in a working system. The plan of action may or may not be documented. Reinstall the drivers.
In cases where you have altered configuration settings and the problem is not resolved. I would argue that this is equal in importance to the first step. In the real world of network support. The sixth step is to perform corrective actions. If you do not document the results. When you can resolve the issue yourself assuming you have identified the appropriate cause. Attempt to connect to the WLAN. You expect that this will result in the repair of corrupted driver files and allow for connectivity to the WLAN.
This reality is why step eight is so important. This issue should be escalated to the call manager administrator with all of the details that you have gathered. In many scenarios. It is for this reason that. Many WLAN professionals blog. The Open Systems Interconnection (OSI) Model is a documented conceptual networking model that is not directly implemented in a production protocol. This model allows you to take a very complex communications process apart for analysis and to evaluate its components.
In fact. As a reference model. You can focus on securing each layer. In other words. The OSI model is segmented into seven layers. This section will first review the OSI Model layers and then provide guidance for troubleshooting at each layer. The seven layers are from top to bottom: Do some research to help focus your step three process of defining possible causes.
Use OPK to enhance your troubleshooting abilities. Take advantage of these resources and of your internal documentation to reduce your troubleshooting time and to become a better WLAN analyst. It is also useful to know the primary. How is this? In a simplified explanation.
The abstraction gives you the ability to use the same Web browser and HTTP protocol to communicate on the Internet whether the lower layer connection is a dial-up modem. This example uses the The Physical Layer reads bits from the chosen medium and converts these into frames for the Data Link Layer. The resulting speed or performance will certainly vary.
You will need to understand the basic description of each layer and the services it provides to the networking process. The higher layers do not necessarily have to know how the lower layers are doing their work. I will define each layer and then give examples of its use starting with the topmost layer. Many resources suggest mnemonics to help you memorize the OSI model layers. I recommend that you fully understand what each layer does as presented in this chapter.
Figure 1. The point is that the most popular upper layer protocol suite. In addition. It is important that you understand the basic operations that take place at each layer of the OSI model. Each layer is defined as both providing services and receiving services. In order to fully understand the OSI model and be able to relate to it throughout the remaining chapters of this book.
While this example shows a wired Ethernet connection between the two machines. The layered model allows for abstraction. Use a mnemonic if you must.
While not tested directly. The Application Layer is defined in sub-clause 7. The Application Layer is the OSI layer that these applications communicate with when they need to send or receive data across the network. Do not confuse the Application Layer with the general word application. You could say that the Application Layer exposes the higher-level protocols used for that communication.
Adobe Photoshop. As examples of system applications. The processes operating in the Application Layer are known as application-entities. Email SMTP. Your email application will connect to an SMTP server in order to send the email message. Both of these are considered system-level applications because they are not usually directly accessed by the user though this is open for debate since administrators are users too.
Notice that the applications or programs used by the user actually take advantage of the application services in the Application Layer or Layer 7. Outlook does not reside in Layer 7. Application Layer processes fall into two general categories: The SMTP is used to move email messages from one server to another and usually works in conjunction with other protocols for mail storage.
An application-entity is defined in the standard as an active element embodying a set of capabilities. SMTP is an application-entity. It is the most heavily used Application Layer protocol on the Internet and possibly in the world. Application-entities are the services that run in Layer 7 and communicate with lower layers while exposing entry points to the OSI model for applications running on the local computing device.
Outlook takes advantage of SMTP. Web proxies. Syntax management refers to the process of ensuring that the sending and receiving hosts communicate with a shared syntax or language. After all. Data at the Application Layer Layer 7 Devices that operate at Layer 7 include content filtering devices.
The Presentation Layer is not used in all network communications and it. The Presentation Layer. When you realize this. The Presentation Layer is defined in sub-clause 7. The Presentation Layer provides for syntax management and conversion as well as encryption services.
Layer 7 firewalls. Non-repudiation simply means that the sender cannot deny the sending of data. If you wanted to secure the message. As your email message moves down to the Presentation Layer. The processes running at Layer 6 are known as presentation-entities in the OSI model documentation. With solid authentication.
The Presentation Layer is converting your email message. Data representation is the process of ensuring that data is presented to Layer 7 in a useful way and that it is passed to Layer 5 in a way that can be processed by the lower layers.
Ultimately Layer 6 is responsible. Authentication is used to verify the identity of the sender and receiver. You can see the email now as it exists at Layer 6 in Figure 1. Data security usually includes authentication. Authorization ensures that only valid users can access the data.
The encrypted data is sometimes said to be enveloped data. This is often used for auditing and incident handling purposes.
Examples of Presentation Layer protocols and functions include any number of data representation and encryption protocols. Layer 5 is responsible for establishing the session. Sessions are created. This is accomplished by establishing a connection between two communicating presentation-entities. A programmer can develop an application that calls the subroutine in the same way as a local.
A session includes the agreement to communicate and the rules by which the communications will transpire. The result is simple mechanisms for orderly data exchange and session termination.
The protocol allows SCSI commands to be sent to the remote device. The Network File System (NFS) protocol is used to provide access to files on remote computers as if they were on the local computer. Remember that these protocols are provided only as examples of the protocols available at Layer 5 as were the other protocols mentioned for Layers 6 and 7.
For now. We could. The services and processes running in Layer 5 are known as session-entities. RPC abstracts the network layer and allows the application running above Layer 7 to execute the subroutine without knowledge of the fact that it is running on a remote computer. These session-entities will be served by the Transport Layer. At the Session layer. By learning the functionality of protocols that operate at each layer. In Windows. Data at the Session Layer Layer 4.
UDP is frequently used for the transfer of voice and video data. This simply means that the Transport Layer. Because voice data either has to arrive or not arrive as opposed to being allowed to arrive late. UDP is frequently used. These transport-entities will be served by the Network Layer.
If the data will fit in one segment. The Transport Layer takes the information about your email message from the Session Layer and begins dividing it (segmenting) into manageable chunks (packets) for transmission by the lower layers. At the Transport Layer. The local machine is never concerned with this with the exception of the required knowledge of an exit point. Examples of Network Layer protocols and functions include IP. It only needs to know the IP address for which the packet is destined and any relevant QoS parameters in order to move the packet along.
The Internet Protocol (IP) is used for addressing and routing of data packets in order to allow them to reach their destination. That destination can be on the local network or a remote network. Transport Layer segments become packets. IPSec sits solidly at Layer 3. These packets will be processed by the Data Link Layer.
IPSec has become more and more popular since it was first defined in While security protocols such as SSL. The services and processing operating in the Network Layer are known as network-entities.
The benefit is that. These network-entities depend on the services provided by the Data Link Layer. At the Network Layer. The results of Layer 3 processing are shown in Figure 1.
Data at the Network Layer The Data Link Layer is defined as providing communications between connectionless-mode or connection-mode network entities. As you know. Ethernet Wi-Fi is the common name given to the This may include the establishment. Layers 1—4 are the most important layers to understand well for the CWAP exam. The Data Link Layer. In Figure 1. The frames are ready to be transmitted by the Physical Layer. The LLC sublayer is not actually used by many transport protocols.
Ethernet comes in many different implementations from 10 Mbps (megabits per second, or million bits per second) to 10 Gbps (gigabits per second) in common implementation.
Like the other layers before it. So the segments became packets in Layer 3 and now the packets have become frames. The Data Link Layer adds the necessary header to the email packets received from Layer 3 and your email message. The results of the processing in Layer 2 are that the packet becomes a frame that is ready to be transmitted by the Physical Layer or Layer 1. Faster Ethernet technologies are being developed and implemented on a small scale today.
Through connections—possibly both wired and wireless—I can send signals (that's what happens at Layer 1) to a device on the other side of the globe. The connections between all other layers are really logical connections as the only real physical connection that results in true transfer of data is at Layer 1—the Physical Layer. It is really amazing to think that my computer—the one I am using to type these words—is connected to a wireless access point (AP) in my office.
In reality this connection is logical. To think that there is a potential electrical connection path between. It is Layer 1 that is responsible for taking the data frames from Layer 2 and transmitting them on the communications medium as binary bits (ones and zeros). It may use electrical signals or light pulses (both actually being electromagnetic in nature).
This medium may be wired or wireless. You probably noticed that Ethernet was mentioned as an example of a Data Link Layer protocol. Whatever you have chosen to use at Layer 1.
Your email is finally being transmitted across the network. Examples of Physical Layer protocols and functions include Ethernet. Wi-Fi technologies First a one and then a zero. Frames become packets. On the receiving end the data is received. Data at the Physical Layer The example of the email transmission has been simplified in comparison to what really takes place.
This is what the OSI layers do for.
That incoming data may be a confirmation of a past outgoing packet that was part of the email message. Due to the nature of varying underlying Layer 1 technologies. When the data is sent. It has become the most common method for referencing all things networking. Within the article there is no explanation of what is meant by Layer 3.
Many certification exams will not test you on the OSI model directly. Now that you understand the layers of the OSI model. The Application Layer on one device communicates with the Application Layer on the other device. This is accomplished through segmentation and encapsulation. When the clients attempt to join the wireless LAN. In the same way. You may read statements like the following: Web authentication is a Layer 3 security feature that causes the controller to not allow IP traffic except DHCP-related packets from a particular client until that client has correctly supplied a valid username and password.
The OSI model is more than a set of facts that you memorize for certification exams. You will have to know which of these protocols provide both security and operate at Layer 3 of the OSI model. Not to mention the fact that you will actually be able to understand all those articles.
The process is the Note: Many resources assume that you understand this model and reference it without explanation. The examples presented here use Ethernet as the communications for Layers 1 and 2. While you will not see an exact question such as this on the CWAP examination. Each layer is said to communicate with a peer layer on another device.
The OSI model. When you use web authentication to authenticate clients. It is also what many actual network protocols do for us. What technologies can you use to implement this security? It is simply assumed that you know what this means. Layering is seen in human interactions. Segmentation is the process of segmenting or separating the data into manageable or allowable sizes for transfer. The most important thing to remember about all of this is that. This is really no different than human communications.
Segmentation actually begins at Layer 4 where TCP segments are created. As an example. The IP packet is surrounded by header and possibly footer information that allows the data to be transmitted.
Encapsulation is the process of enveloping information within headers so that the information can be passed across varied networks. Figures 1. An octet is eight bits and is usually called a byte. IP packets (also called datagrams) are encapsulated inside of Do you see the similarities? Much like the Session Layer represents data in a way that the remote machine can understand it. Barney can send back a signal verbal.
Here the information is interpreted and may or may not have been received correctly. Layering in Human Communications Notice. After the thought is translated into English. Similar to the way the Physical Layer has to transmit electrical signals on a wired network.
The eardrums receive these signals and send the received information to the brain. Behind the communications is an initial thought that needs to be transferred from Fred to Barney. It is also useful to remember that data travels down. The point is that we could break human communications into layers that are similar to that which is defined in the OSI model.
The thought may or may not already be in a language that Fred and Barney know. The question is this: Wired network connections include Layer 1 troubleshooting when you are evaluating the cables. This problem is caused by many different issues. Most OSI model troubleshooting is performed at layers 1.
If you suspect interference as the cause of the problem. The answer is to determine the most likely cause. PHY problems can be analyzed using spectrum analyzers (covered in detail in Chapter 6) and protocol analyzers (covered in detail in Chapter 7).
When interference occurs at the receiver. If you are. That is. A quick scan with a spectrum analyzer near the problem receiver can reveal any sources of interference. When using a spectrum analyzer. A common Layer 1 problem is lack of connectivity. Layer 2 problems have to do with addressing (MAC addresses). An example of a common Layer 4 (Transport Layer) problem is a blocked port on a local device.
Layer 3. Using IPConfig on the local device to ensure proper default gateway configuration and verifying the route configuration in the router will usually lead to a solution. In a controller-based environment. In this. Troubleshooting Layer 7 is beyond the scope of this book. Layer 7. The user may feel that a network error is occurring when the actual problem is an improper configuration in the client firewall. The key here is to always ask.
The focus here is not on screwdrivers and pliers. If such a scenario exists. All of the communications happen between the AP and the client in such an environment. Example causes of problems include malformed HTTP requests.
Of course. Many devices have endpoint security solutions. Consider that when a device on one segment can communicate with other devices on the same segment but cannot communicate with devices on another segment.
This is not completely true when WPA2-Enterprise is used. As you study the remaining chapters in this book. A protocol analyzer can be used to evaluate EAPOL communications and for troubleshooting authentication issues.
Focusing on the most likely layer of the OSI model that would cause the problem can lead to quick resolution. Networking Tools Networking tools are used to analyze and troubleshoot network connection and throughput issues. Help for the Windows-based iPerf Command Throughput testers are used to evaluate the useful data bits that can pass through a network.
These tools are covered in greater detail in later chapters but are introduced here to provide a foundation for understanding. These problems include the lack of network connectivity. These tools are not included as native parts of operating systems. They include throughput testers. They typically test at Layer 4 but may be able to test at higher layers.
GUI-based throughput testers provide a graphical interface used to configure the server and the client and to execute the testing. Some versions of iperf allow for bidirectional testing so that this concern no longer exists.
The data rate is a significant factor in determining network throughput for a user. The data rate is the rate at which bits can be sent across the wireless medium. To test the uplink. Layer 4. Chapter 2 will review wireless communications.
When testing throughput. Command-based throughput testers work at the Command Prompt in Windows or at the shell in Linux environments. The default behavior of iperf is to test the throughput from the client to the server. They use commands with switches to configure the server and to execute the test on the client. This tool can test both TCP and UDP traffic and supports reporting on packet loss with visual graphs showing moment-by-moment throughput performance. Higher data rates use more sophisticated modulation and coding schemes and require better signal conditions than lower data rates.
They are tools that allow you to capture and decode networking. Those clients will gain access to the medium as well. Protocol analyzers have existed for more than two decades. This impacts Layer 4 throughput significantly. The point is that throughput is not a simple factor of data rate. Other clients may be connected to the same AP at 54 and 48 Mbps.
Wireless protocol analyzers are different as they require specifically compatible adapters. I will not cover them in more detail here. Spectrum analyzers are also covered in extensive detail in a later chapter of this book. Know that throughput testers evaluate the useful data throughput and not the data rate of the WLAN link.
They show all RF activity. Given that an entire chapter is dedicated to protocol analyzers later in this book. Wired protocol analyzers are very easy to use as they work with practically any network adapter. The useful throughput is always less than the data rate on WLANs because of management overhead. If the target IP address both receives the request and is configured to allow responses. Most ping commands provide a switch to change the size of the ECHO message. These tools are also used to analyze connection issues and view client device parameters.
When using this command. These include ping. They are introduced here to provide a foundation for understanding. The ping command is available in most OSes and even in many embedded OSes such as those in switches and routers. This behavior is defined in the RFC and can be validated in a simple protocol capture of a ping process as shown in Figure 1.
While a DNS host name may be used. Simply run the command. Two important parameters for testing are -t and -l. This function is useful when testing for intermittent connectivity problems. PING supports the parameters shown in Figure 1. This function is useful when you wish to force more data through the network. The benefit of the traceroute command again. The result. The traceroute command now knows that IP address.
On your internal network. On the Internet. Traceroute Process Captured in Wireshark The pathping command is a somewhat enhanced implementation of traceroute in Windows. It not only determines the route taken but also responds with useful statistics about the performance along the path. It is a useful command to use when clients cannot resolve host names to IP addresses or when a lightweight AP is unable to locate its controller and DNS is intended to be used for such location services.
Simply running Netstat with an interval in seconds. This can be useful to analyze targets for TCP sessions on the network.
Netstat is used to show statistics for network connections. Netstat Reporting Active Connections. Additional netsh commands of interest include: The final command. Next execute the? It provides extensive information about the wireless adapter and connection when in WLAN mode. This command reveals many things about network connections and configurations on the Windows computer. These commands are useful for troubleshooting WLAN configuration issues. Unlike many other Command Prompt commands.
These profiles include pre-shared key. PSK passphrases are not shown in the output. PSK passphrases. If you want to see the stored key. When the name of a specific profile is provided. To get more or alternate information about a network. Since this is a WLAN client. Briefly list each step of the troubleshooting methodology as mentioned in the above article? Question 2: List the top five considerations that you would need to take to prepare for network failure?
Question 3: Give three reasons why documenting problems is essential? Given that these methodologies are provided online. List and briefly explain the troubleshooting methodology followed at HP? List the top 10 reasons for a system failure? What would be the next step of your troubleshooting methodology in case you are not able to reproduce the problem? List the methods that you can use to collect information about the problem?
How does creating an action plan as a part of your troubleshooting methodology help in resolving the problem? Exercise 1 In this exercise. What can you do to minimize the reoccurrence of a problem? Answer a Answer 1: What would be the next step of your troubleshooting methodology if you are not able to reproduce the problem? This will enable you to write additional code.
This will enable you to backtrack the steps that were performed till the step at which the problem occurred. Answer 2: When a problem occurs.
Record all minute details. What is your next step to troubleshoot such a problem? Turns out the information provided by these spectrum analyzers was pretty useful and device identification was less than perfect. I have a few issues with heavy reliance on device identification, and most of them are also discussed in the CWAP study guide as well. If the software claims there is a transmitter, you should be able to match its claim to the data in the FFT, density and/or duty cycle.
Quite often, interference is not from non-Wi-Fi but from channel-overlapping Wi-Fi. Device identification has no listing for sideband carrier interference. Device identification software lists numerous instances of interfering devices which are more than likely all the same device.
You can pause it like a DVR and Chanalyzer will continue to log. This is extremely useful for showing how bad the cordless phone interference was from to Density Map — This is the most accurate density map of spectrum activity available.
The density map should be your first stop in identifying any kind of wireless interference. The density view in Chanalyzer is a better method of displaying what an interference-causing device looks like than a traditional FFT graph.